Personal Data Protection Act 2012 (PDPA): Singapore's main data protection legislation that governs the collection, use, disclosure and care of personal data. It establishes obligations for organizations handling personal data and rights for individuals.
PDPA Regulations 2021: Updated regulations that provide specific requirements for compliance with the PDPA, including mandatory data breach notification requirements and transfer limitation obligations.
Cybersecurity Act 2018: Establishes a framework for the protection of Critical Information Infrastructure (CII) and provides measures for preventing and managing cybersecurity incidents in Singapore.
Computer Misuse Act: Addresses unauthorized access to computer material, unauthorized modification of computer contents, and other computer-related offenses.
Banking Act and MAS Guidelines: Sector-specific regulations for financial institutions, including requirements for data security and technology risk management.
Healthcare Services Act: Sector-specific regulations governing healthcare data protection and security requirements for healthcare service providers.
Telecommunications Act: Sector-specific regulations for telecom providers, including data protection and security requirements in telecommunications services.
Electronic Transactions Act: Provides legal framework for electronic transactions and establishes the legal validity of electronic records and signatures.
Evidence Act: Contains provisions regarding the admissibility of electronic records as evidence in legal proceedings.
APEC Cross-Border Privacy Rules: International framework for data protection that may affect cross-border data transfers within the APEC region.
ASEAN Framework on Personal Data Protection: Regional framework establishing principles for personal data protection within ASEAN member states.
Common Law Principles: General principles of contract law, confidentiality, trade secrets protection, and duty of care that apply to information security agreements.
